<?php
!defined('P_W') && exit('Forbidden');

$updatecache = false;
$query = $db->query("SELECT db_name,db_value FROM pw_config WHERE db_name='db_siteid' OR db_name='db_siteownerid' OR db_name='db_sitehash'");
while ($rt = $db->fetch_array($query)) {
	if (($rt['db_name']=='db_siteid' && $rt['db_value']!=$db_siteid) || ($rt['db_name']=='db_siteownerid' && $rt['db_value']!=$db_siteownerid) || ($rt['db_name']=='db_sitehash' && $rt['db_value']!=$db_sitehash)) {
		${$rt['db_name']} = preg_replace('/[^\d\w\_]/is','',$rt['db_value']);
		$updatecache = true;
	}
}
$db->free_result($query);
if (!$db_siteid) {
	$db_siteid = generatestr(32);
	$db->update("REPLACE INTO pw_config SET db_name='db_siteid',db_value=".pwEscape($db_siteid,false));

	$db_siteownerid = generatestr(32);
	$db->update("REPLACE INTO pw_config SET db_name='db_siteownerid',db_value=".pwEscape($db_siteownerid,false));

	$db_sitehash = '10'.SitStrCode(md5($db_siteid.$db_siteownerid),md5($db_siteownerid.$db_siteid));
	$db->update("REPLACE INTO pw_config SET db_name='db_sitehash',db_value=".pwEscape($db_sitehash,false));
	$updatecache = true;
}
$updatecache && updatecache_c();

if (in_array($action,array('login','register'))) {
	$partner = md5($db_siteid.$db_siteownerid);
	$verify = md5($db_sitehash.$partner.$action);
}

!$action && $action = 'info';
${'cls_'.$action} = 'class="two"';

$host = $db_bbsurl;
if (($host && strpos($host,'localhost') !== false || strpos($host,'127.0') !== false || strpos($host,'127.1') !== false || strpos($host,'192.168') !== false) && ($action == 'login' || $action == 'register')) {
	adminmsg('localhost_error');
}

if ($action=='modify') {
	if ($_POST['step']==2) {
		InitGP(array('siteid','siteownerid','sitehash'));
		if (!$siteid || !$siteownerid || !$sitehash) {
			adminmsg('adcode_error');
		}
		if ($sitehash != '10'.SitStrCode(md5($siteid.$siteownerid),md5($siteownerid.$siteid))) {
			adminmsg('adcode_error');
		}
		$db->update("REPLACE INTO pw_config SET db_name='db_siteid',db_value=".pwEscape($siteid));
		$db->update("REPLACE INTO pw_config SET db_name='db_siteownerid',db_value=".pwEscape($siteownerid));
		$db->update("REPLACE INTO pw_config SET db_name='db_sitehash',db_value=".pwEscape($sitehash));
		$db->update("UPDATE pw_config SET db_value=0 WHERE db_name='db_appuid'");
		$db->update("UPDATE pw_config SET db_value=0 WHERE db_name='db_appstate'");

		updatecache_c();
		adminmsg('operate_success');
	} elseif ($_GET['step']==3) {
		$siteid = generatestr(32);
		$siteownerid = generatestr(32);
		$sitehash = '10'.SitStrCode(md5($siteid.$siteownerid),md5($siteownerid.$siteid));
	}
} elseif ($action == 'login') {
	ObHeader("http://www.phpwind.com/pw_app.php?action=$action&sitehash=$db_sitehash&verify=$verify&host=$host");
} elseif ($action == 'register') {

	require_once(R_P.'require/posthost.php');
	
	$data = PostHost("http://app.phpwind.com/pw_app.php?","action=$action&sitehash=$db_sitehash&siteid=$db_siteid&siteownerid=$db_siteownerid&manager=$manager[0]&host=$host&verify=$verify&","POST");

	$backdata = substr($data,strpos($data,'$backdata=')+10);

	if (strpos($backdata,'Not Found') !== false) {
		Showmsg('The Interface is not exist');
	}
	if (strpos($backdata,'}') === false) {
		Showmsg($backdata);
	}

	$backdatadb = unserialize(stripslashes($backdata));
	$appuid = $backdatadb['uid'];
	$appstate = $backdatadb['state'];

	if ($appuid && is_numeric($appuid) && $appstate && is_numeric($appstate)) {
		$db->pw_update(
			"SELECT db_name FROM pw_config WHERE db_name='db_appuid'",
			"UPDATE pw_config SET db_value=".pwEscape($appuid)."WHERE db_name='db_appuid'",
			"INSERT INTO pw_config SET db_name='db_appuid',db_value=".pwEscape($appuid)
		);
		$appstate == '2' && $appstate = '0';
		$db->pw_update(
			"SELECT db_name FROM pw_config WHERE db_name='db_appstate'",
			"UPDATE pw_config SET db_value=".pwEscape($appstate)."WHERE db_name='db_appstate'",
			"INSERT INTO pw_config SET db_name='db_appstate',db_value=".pwEscape($appstate)
		);
		updatecache_c();
		$verify = md5($db_sitehash.$partner.'login');
		ObHeader("http://www.phpwind.com/pw_app.php?action=login&sitehash=$db_sitehash&verify=$verify&host=$host");
	} else {
		adminmsg($backdata);
	}
} elseif (!in_array($action,array('key','info','reg','edit'))) {
	ObHeader($basename);
}
include PrintEot('code');exit;
function generatestr($len) {
	mt_srand((double)microtime()*1000000);
    $keychars = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWYXZ";
	$maxlen = strlen($keychars)-1;
	$str = '';
	for ($i=0;$i<$len;$i++){
		$str .= $keychars[mt_rand(0,$maxlen)];
	}
	return substr(md5($str.microtime().$GLOBALS['HTTP_HOST'].$GLOBALS['pwServer']["HTTP_USER_AGENT"].$GLOBALS['db_hash']),0,$len);
}
function SitStrCode($string,$key,$action='ENCODE'){
	$string	= $action == 'ENCODE' ? $string : base64_decode($string);
	$len	= strlen($key);
	$code	= '';
	for($i=0; $i<strlen($string); $i++){
		$k		= $i % $len;
		$code  .= $string[$i] ^ $key[$k];
	}
	$code = $action == 'DECODE' ? $code : str_replace('=','',base64_encode($code));
	return $code;
}
?>